Microsoft Defender scores full marks in Windows 11 LSASS credential dump protection test


We have been covering AV-Comparatives reports about the performance of Microsoft Defender over the last several months. Microsoft's in-house solution has generally done well, with some setbacks here and there. The products tested in those reports are for home users.

Recently, however, the security assessment firm conducted an LSASS credential dumping protection test on enterprise-class anti-malware solutions. Among the tested products was Microsoft's Defender for Endpoint, and it scored full marks in the evaluation.

The Local Security Authority Subsystem Service (LSASS) authenticates users who sign in on a Windows computer. Threat actors often dump the LSASS process to steal useful credentials belonging to domain users. These can then be used to move laterally within the targeted network.

In this LSASS credential dump test, 15 different attack methods were used and Defender for Endpoint blocked them all. The other tested products did equally well. The table below includes results for the following products (with LSASS protection settings enabled): Avast Ultimate Business Security, Bitdefender GravityZone Business Security Enterprise, Kaspersky Endpoint Detection and Response Expert and Microsoft Defender for Endpoint.

LSASS credential dumping test scores for Microsoft Defender and others

In the case of Microsoft Defender for Endpoint, the attacks were blocked thanks to Protected Process Light (PPL) and Attack Surface Reduction (ASR) hardening. PPL is enabled by default on Windows 11, and recently the ASR rule for blocking credential stealing was also enabled by default.

Source: AV-Comparatives
